现在很多游戏都是动态的内存地址,也看到N多人写了教程,可是感觉不大通用,所以在这里写了这篇东东,但要用的东西很多,可能要慢慢的消化,呵呵~~我不大会讲解,所以我找了篇文章来给给大家。。。。
PD9.JPG (93.19 KB)
下载次数:545
2006-10-17 20:32
PD10.JPG (68.96 KB)
下载次数:310
2006-10-17 20:32
PD11.JPG (58.11 KB)
下载次数:260
2006-10-17 20:32
PD12.JPG (38.51 KB)
下载次数:205
2006-10-17 20:32
上面的内容一定要好好看哦,呵呵~~下面我就以AC找红蓝个数为例子,写了一个内存补丁。本来不想写详细过程的。。但想想还是写下吧。因为很多人不会查找,我是以GM8找的,所以在这我就以GM8为工具来个图文解说了~。
首先先在游戏里收搜红的个数的内存地址,搜几次后会只有一二个地址,选一个地址,然后再地址上点右键,选跟踪,然后再吃一瓶用OR卖一些红。这时,你在跟踪代码部分就会看到原来空空的地方多了一条汇编指令。详细的见图。双击上面的指令,下面就会出来相关的汇编指令了,我们这里要知道的就是ESI的地址。在ESI上加上偏量&H00000CC8就是红的地址了,再在红的地址上加上&H4就是蓝的个数地址了。在图中,我把要跳转的地址用红框框出来了,我们要跳转到空的内存地址,这里我选的是&H00A00000,把ESI的值放到了&H00A00030里, 具体我就不说了,看懂上面的应该知道是怎么回事。
我只给我这段的汇编指令的机器码
0063CCAF E94C333C0090 '跳转到&H00A00000
00A00000 018EC80C0000 '执行原&H0063CCAF里的机器码
00A00006 89353000A000 '把ESI的值放到&H00A00030里
00A0000C E9A4CCC3FF '跳转回&H0063CCB5
好了,到这里思路就完了,下面给出VB里的代码。
下载 (20.29 KB)
2006-10-17 21:04
下载 (52.15 KB)
2006-10-17 21:04
下载 (66.94 KB)
2006-10-17 21:04
主窗体[FrmFL.frm]
Public M_Start, M_End As Long
Private Sub Command1_Click()
If Command1.Caption = "停止" Then
Timer1.Enabled = False
Command1.Caption = "运行"
Text1.Text = ""
Text2.Text = ""
Text3.Text = ""
Else
If FindGame("AlefClient") = True Then
Timer1.Enabled = True
Command1.Caption = "停止"
Else
Timer1.Enabled = False
End
End If
End If
End Sub
Private Sub Form_Load()
SetWindowPos Me.hWnd, HWND_TOPMOST, 0, 0, 0, 0, SWP_NOMOVE Or SWP_NOSIZE '置顶窗口
Command1_Click '调用按键单击
End Sub
Private Sub Form_Unload(Cancel As Integer)
CloseHandle hProcess '关闭进程
End
End Sub
Private Sub Timer1_Timer()
M_Start = &H63CCAF '要跳转的地址
M_End = &HA00000 '跳转到的地址
'&H63CCAF里的数据
Call wMem(M_Start + 0, &HE9, 1)
Call wMem(M_Start + 1, &H4C, 1)
Call wMem(M_Start + 2, &H33, 1)
Call wMem(M_Start + 3, &H3C, 1)
Call wMem(M_Start + 4, &H0, 1)
Call wMem(M_Start + 5, &H90, 1)
'&HA00000里的数据
Call wMem(M_End, &H1, 1)
Call wMem(M_End + 1, &H8E, 1)
Call wMem(M_End + 2, &HC8, 1)
Call wMem(M_End + 3, &HC, 1)
Call wMem(M_End + 4, &H0, 1)
Call wMem(M_End + 5, &H0, 1)
'&HA00006里的数据
Call wMem(M_End + 6, &H89, 1)
Call wMem(M_End + 7, &H35, 1)
Call wMem(M_End + 8, &H30, 1)
Call wMem(M_End + 9, &H0, 1)
Call wMem(M_End + 10, &HA0, 1)
Call wMem(M_End + 11, &H0, 1)
'&HA0000C里的数据
Call wMem(M_End + 12, &HE9, 1)
Call wMem(M_End + 13, &HA4, 1)
Call wMem(M_End + 14, &HCC, 1)
Call wMem(M_End + 15, &HC3, 1)
Call wMem(M_End + 16, &HFF, 1)
FrmFL.Text1 = Hex(rMem(&HA00030, 4)) '读基址
FrmFL.Text2 = rMem(rMem(&HA00030, 4) + &HCCC, 2) '读蓝的个数
FrmFL.Text3 = rMem(rMem(&HA00030, 4) + &HCC8, 2) '读红的个数
End Sub
模块[moudel1.bas]
'查找窗口
Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
'获得窗口进程
Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, lpdwProcessId As Long) As Long
'打开进程
Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
'写内存
Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
'读内存
Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
'关闭进程
Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Public Const PROCESS_ALL_ACCESS = &H1F0FFF
Public hProcess As Long
Public GameName As String
'置顶窗口
Declare Function SetWindowPos Lib "user32" (ByVal hWnd As Long, ByVal hWndInsertAfter As Long, ByVal X As Long, ByVal Y As Long, ByVal cx As Long, ByVal cy As Long, ByVal wFlags As Long) As Long
Public Const HWND_TOPMOST& = -1
' 将窗口置于列表顶部,并位于任何最顶部窗口的前面
Public Const SWP_NOSIZE& = &H1
' 保持窗口大小
Public Const SWP_NOMOVE& = &H2
'读内存
Function rMem(vAdd As Long, L As Long) As Long
Dim ret As Long
Call ReadProcessMemory(hProcess, vAdd, ret, L, 0&)
rMem = ret
End Function
'写内存
Function wMem(vAdd As Long, value As Long, L As Long)
Call WriteProcessMemory(hProcess, vAdd, value, L, 0&)
End Function
'查找并打开游戏进程
Public Function FindGame(GameName As String) As Boolean
Dim GameHwnd As Long, Pid As Long
hProcess = 0
GameHwnd = FindWindow(vbNullString, GameName)
If GameHwnd = 0 Then
MsgBox ("没有找到指定程序!请确定该程序已经打开!"), vbExclamation
Exit Function
End If
GetWindowThreadProcessId GameHwnd, Pid
hProcess = OpenProcess(PROCESS_ALL_ACCESS, False, Pid)
If (hProcess = 0) Then
MsgBox ("打开进程出错!"), vbExclamation
Exit Function
Else
FindGame = True
End If
End Function
[ 本帖最后由 jimmyzs 于 2006-10-17 09:53 PM 编辑 ]
PD15.JPG (9.61 KB)
下载次数:129
2006-10-17 21:27
窗体设计
PD7.JPG (14.2 KB)
下载次数:123
2006-10-17 21:27
PD8.JPG (13.39 KB)
下载次数:137
2006-10-17 21:27
